Secure Your Network, Break Your Branding

It’s not often I look at a headline I’ve written and think “are you serious?” But this one’s for real.

The problem is with Windows 10 and the deployment of an 802.1x Group Policy we’ve recently made live. Turns out that applying the policy has an effect on the lock screen. Specifically, we see a low resolution key icon instead of the user or default avatar.

Windows 10 Key Icon

The behaviour of the lock and login screens doesn’t change. And while you can override this behaviour on the login screen by creating appropriate files in the “User Account Pictures” folder, this seems to have no effect on the lock screen.

That’s not the only thing we’ve tried with regard to sorting out this “problem”. A search of the system for JPG or PNG files turned up nothing, suggesting it’s either built into a binary or lives in an icon file somewhere.

The whole issue raises two questions for me. Firstly, why would enabling 802.1x authentication break Windows branding in the first place? And secondly, where the **** does that key icon live?

Addendum: It looks like Windows 10 isn’t the only one seeing issues. On Windows 7, we’re also seeing the “Other User” option that has to be clicked through on logon for all systems. This is something we didn’t see in the pilot as we have Windows allow them to see the last logged-in user. For lab systems, where we don’t do that for privacy reasons, it’s an extra pointless button to click through.